misc/103486: [patch] rc.d/jail: mount fstab after devfs

[Jeremie Le Hen]

>Number:         103486
>Category:       misc
>Synopsis:       [patch] rc.d/jail: mount fstab after devfs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Sep 22 14:00:36 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Jeremie Le Hen
>Release:        FreeBSD 6.1-STABLE i386
>Organization:
>Environment:
System: FreeBSD obiwan 6.1-STABLE FreeBSD 6.1-STABLE #8: Sun Jun 25 18:27:14 CEST 2006 root at obiwan:/usr/obj/usr/src/sys/OBIWAN i386
>Description:
	The host administrator might sometime want to use the $jail_<jname>_fstab
	to mount devfs in more than one directory inside the jail.
>How-To-Repeat:
	Try to run a chrooted named(8) in a jail, it is currently impossible.
	Indeed, when $named_chroot_autoupdate is set to YES (the default),
	rc.d/named tries to mount devfs in $named_chrootdir/dev, which is
	obvisouly impossible from inside a jail.
	Thus it would be worth being possible to use $jail_<jname>_fstab to
	mount $jail_<jname>_rootdir/dev onto $jail_<jname>_rootdir/$named_chrootdir/dev.
	This is a little bit hackish, but a least makes possible to run
	a chrooted named(8) in a jail.
>Fix:
Index: jail
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/jail,v
retrieving revision 1.34
diff -u -p -u -p -r1.34 jail
--- jail	30 May 2006 16:20:48 -0000	1.34
+++ jail	22 Sep 2006 13:16:47 -0000
@@ -154,6 +154,10 @@ set_sysctl()
 #
 jail_umount_fs()
 {
+	if checkyesno _mount; then
+		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
+		umount -a -F "${_fstab}" >/dev/null 2>&1
+	fi
 	if checkyesno _fdescfs; then
 		if [ -d "${_fdescdir}" ] ; then
 			umount -f ${_fdescdir} >/dev/null 2>&1
@@ -169,10 +173,6 @@ jail_umount_fs()
 			umount -f ${_procdir} >/dev/null 2>&1
 		fi
 	fi
-	if checkyesno _mount; then
-		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
-		umount -a -F "${_fstab}" >/dev/null 2>&1
-	fi
 }
 
 jail_start()
@@ -199,13 +199,6 @@ jail_start()
 		if [ -n "${_interface}" ]; then
 			ifconfig ${_interface} alias ${_ip} netmask 255.255.255.255
 		fi
-		if checkyesno _mount; then
-			info "Mounting fstab for jail ${_jail} (${_fstab})"
-			if [ ! -f "${_fstab}" ]; then
-				err 3 "$name: ${_fstab} does not exist"
-			fi
-			mount -a -F "${_fstab}"
-		fi
 		if checkyesno _devfs; then
 			# If devfs is already mounted here, skip it.
 			df -t devfs "${_devdir}" >/dev/null
@@ -239,6 +232,13 @@ jail_start()
 				mount -t procfs proc "${_procdir}"
 			fi
 		fi
+		if checkyesno _mount; then
+			info "Mounting fstab for jail ${_jail} (${_fstab})"
+			if [ ! -f "${_fstab}" ]; then
+				err 3 "$name: ${_fstab} does not exist"
+			fi
+			mount -a -F "${_fstab}"
+		fi
 		_tmp_jail=${_tmp_dir}/jail.$$
 		eval jail ${_flags} -i ${_rootdir} ${_hostname} \
 			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
>Release-Note:
>Audit-Trail:
>Unformatted: